Merge branch 'master' of https://github.com/microsoft/Dynamics365FO-AppChecker

2022-11-28 14:31:11 -08:00 · 2022-11-28 14:31:11 -08:00 · c7e2fc6830
--- a/.github/workflows/Build.BulkQuery.netcore.yml
+++ b/.github/workflows/Build.BulkQuery.netcore.yml
@ -22,7 +22,7 @@ jobs:
        - name: Setup .NET core
          uses: actions/setup-dotnet@v1
          with:
-             dotnet-version: '3.1.100' # SDK Version to use.
+             dotnet-version: '5.0' # SDK Version to use.

        - name: Build and publish
          run: dotnet publish -r win-x64  --self-contained true -c Release -p:PublishSingleFile=true  "tools\Workflows\BulkQuery\BulkQuery.netcore.csproj"
@ -31,5 +31,5 @@ jobs:
          uses: actions/upload-artifact@v1
          with:
             name: BulkQuery.netcore
-             path: "tools\\Workflows\\BulkQuery\\bin\\Release\\netcoreapp3.1\\win-x64\\publish"
+             path: "tools\\Workflows\\BulkQuery\\bin\\Release\\net5.0\\win-x64\\publish"
       
--- a/.github/workflows/Build.Extractor.NetCore.yaml
+++ b/.github/workflows/Build.Extractor.NetCore.yaml
@ -22,7 +22,7 @@ jobs:
        - name: Setup .NET core
          uses: actions/setup-dotnet@v1
          with:
-             dotnet-version: '3.1.100' # SDK Version to use.
+             dotnet-version: '5.0' # SDK Version to use.

        - name: Build and publish
          run: dotnet publish -r win-x64  --self-contained true -c Release -p:PublishSingleFile=true  "tools\Explorer\Socratex Explorer.netcore.csproj"
@ -31,5 +31,5 @@ jobs:
          uses: actions/upload-artifact@v1
          with:
             name: SocrateX.Explorer.netcore
-             path: "tools\\Explorer\\bin\\Release\\netcoreapp3.1\\win-x64\\publish"
+             path: "tools\\Explorer\\bin\\Release\\net5.0-windows\\win-x64\\publish"
       
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.7 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/opensource/security/definition), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/opensource/security/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/opensource/security/pgpkey).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://aka.ms/opensource/security/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/opensource/security/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/opensource/security/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->
--- a/rules/X++/DeleteStatementsWithCrossCompany.xq
+++ b/rules/X++/DeleteStatementsWithCrossCompany.xq
@ -0,0 +1,16 @@
+(: Copyright (c) Microsoft Corporation.
+   Licensed under the MIT license. :)
+
+(: Find references cross compnay delete statements. :)
+
+(: @Language Xpp :)
+(: @Category Informational :)
+<Results>
+{
+  for $a in /(Class | Table | Form | Query)
+  for $stmt in $a//DeleteStatement//(CrossCompanyAll | CrossCompanyContainer)
+  order by $a/@Package
+  return <Result Artifact='{$a/@Artifact}' Package='{$a/@Package}'
+    StartLine='{$stmt/@StartLine}' StartCol='{$stmt/@StartCol}' EndLine='{$stmt/@EndLine}' EndCol='{$stmt/@EndCol}'/>
+}
+</Results>
--- a/rules/X++/NestedConstructors.xq
+++ b/rules/X++/NestedConstructors.xq
@ -0,0 +1,19 @@
+declare namespace functx = "http://www.functx.com";
+declare function functx:depth-of-node
+  ( $node as node()? )  as xs:integer {
+
+   count($node/ancestor-or-self::node())
+ } ;
+
+<Constructors>
+{
+    for $c in /Class
+    for $m in $c/Method[@IsConstructor="true"]
+    for $super in $m//ExpressionStatement/SuperCall
+    let $depth := functx:depth-of-node($super)
+    where $depth > 5
+    return <Constructor Artifact='{$c/@Artifact}' Depth='{$depth}' Package='{$c/@Package}'
+        StartLine='{$super/@StartLine}' StartCol='{$super/@StartCol}'
+        EndLine='{$super/@EndLine}' EndCol='{$super/@EndCol}' />
+}
+</Constructors>
--- a/tools/BaseXInterface/BaseXInterface.netcore.csproj
+++ b/tools/BaseXInterface/BaseXInterface.netcore.csproj
@ -1,8 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
+<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>WinExe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
-    <UseWPF>true</UseWPF>
+    <TargetFramework>net5.0</TargetFramework>
    <AssemblyName>BaseXInterface</AssemblyName>
    <RootNamespace>BaseXInterface</RootNamespace>
    <GenerateAssemblyInfo>false</GenerateAssemblyInfo>
--- a/Explorer.netcore.csproj
+++ b/Explorer.netcore.csproj
@ -1,7 +1,7 @@
-<Project Sdk="Microsoft.NET.Sdk.WindowsDesktop">
+<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>WinExe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net5.0-windows</TargetFramework>
    <UseWPF>true</UseWPF>
    <OutputType>WinExe</OutputType>
    <RootNamespace>XppReasoningWpf</RootNamespace>
--- a/tools/Workflows/BulkQuery/BulkQuery.netcore.csproj
+++ b/tools/Workflows/BulkQuery/BulkQuery.netcore.csproj
@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net5.0</TargetFramework>
    <PackageLicenseFile>..\MIT License.md</PackageLicenseFile>
  </PropertyGroup>
  <PropertyGroup>
--- a/tools/Workflows/WorkflowLibrary/WorkflowLibrary.netcore.csproj
+++ b/tools/Workflows/WorkflowLibrary/WorkflowLibrary.netcore.csproj
@ -2,7 +2,7 @@

  <PropertyGroup>
    <OutputType>Library</OutputType>
-    <TargetFramework>netcoreapp3.1</TargetFramework>
+    <TargetFramework>net5.0</TargetFramework>
    <AssemblyName>WorkflowLibrary</AssemblyName>
    <RootNamespace>WorkflowLibrary</RootNamespace>
    <PackageLicenseFile>..\MIT License.md</PackageLicenseFile>